Cloudflare named a Strong Performer in Email Security by Forrester

Today, we are excited to announce that Forrester has recognized Cloudflare Email Security as a Strong Performer and among the top three providers in the ‘current offering’ category in “The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025” report. Get a complimentary copy of the report here.

According to Forrester:

“Cloudflare is a solid choice for organizations looking to augment current email, messaging, and collaboration security tooling with deep content analysis and processing and malware detection capabilities.”

In this evaluation, Forrester analyzed 10 Email Security vendors across 27 different criteria. Cloudflare received the highest scores possible in nine key evaluation criteria, and also scored among the top three in the current offering category. We believe this recognition is due to our ability to deliver stronger security outcomes across email and collaboration tools. These highlights showcase the strength and maturity of our Email Security solution:

Antimalware & sandboxing

Cloudflare’s advanced sandboxing engine analyzes files, whether directly attached or linked via cloud storage, using both static and dynamic analysis. Our AI-powered detectors evaluate attachment structure and behavior in real time, enabling protection not only against known malware but also emerging threats.

Malicious URL detection & web security

URLs are analyzed at delivery and again at click-time using Cloudflare’s global network. Our OCR and machine learning models extract and analyze metadata and page behavior to determine the maliciousness of a URL. Customers can also isolate suspicious links in remote browser sessions preventing user compromise. We continuously monitor URLs and retroactively remediate messages if the risk changes.

Threat intelligence

With over 4.4 trillion signals ingested daily across DNS, HTTP, and email layers, Cloudflare operates one of the most comprehensive real-time threat intelligence ecosystems. Campaigns observed via our DNS or HTTP layers are used to preemptively block related email threats well before traditional feeds.

Content analysis & processing

Cloudflare uses an ensemble of large language models (LLMs), natural language processing (NLP) techniques, and machine learning (ML) classifiers to analyze message tone, thread behavior, QR codes, and invoice language. These models detect indicators of fraud, business email compromise (BEC), and social engineering that legacy engines often miss.

Reporting & dashboards

Cloudflare’s unified Zero Trust dashboard gives SOC teams full visibility across email, web, cloud, data events. Analysts can pivot across user activity in just a few clicks and export data when needed. 

User quarantine

Our quarantine workflow is designed to minimize disruption. Customers can choose several ways to get notifications to users about messages that have been quarantined. 

Email authentication

Cloudflare enforces SPF, DKIM, and DMARC alignment automatically. We also offer a free DMARC reporting tool that gives customers visibility into email authentication failures and helps them take control of email brand protection.

Product security

Security is core to Cloudflare’s DNA. All services undergo continuous penetration testing, adhere to SOC 2 Type II and ISO 27001 standards, and operate on Cloudflare’s own infrastructure.

Partner ecosystem

Cloudflare integrates natively with Splunk, Microsoft Sentinel, Palo Alto XSOAR, and ServiceNow, making it easy to bring Cloudflare Email Security into existing SOC workflows. We also partner with leading human risk and awareness platforms to give organizations a more user-centric view of risk and behavior.

These strengths reflect Cloudflare’s commitment to building a comprehensive email security platform, one that’s designed to protect email inboxes and workspaces. 

We agree with Forrester’s perspective on where the email security market is headed. Across our customer base, from Fortune 100 enterprises to fast-growing startups, we’ve seen a clear evolution:

Phishing is no longer confined to the inbox.

Attackers are increasingly luring users into external apps, unaudited chat platforms, or legitimate third-party services, bypassing traditional security controls. This shift is forcing SOC teams to think beyond just email and adopt a more holistic approach to workspace security.

Cloudflare was one of the first vendors to position email security as part of a broader SASE and Zero Trust strategy, securing not just messages, but the entire user surface. Looking ahead, we’re doubling down on this integrated vision of workspace security to give SOC teams simpler investigations and faster response.

We will continue to:

• Build AI-driven automation Reduce alert fatigue and manual triage by using LLMs to summarize incidents, auto-label threats, and recommend next steps, allowing junior analysts to act with senior-level confidence.

• Deepen integrations across the Cloudflare ecosystem Continue to unify signals across email, web, cloud, and data to give security teams a single view of user behavior driving faster remediations.

• Enhance real-time user coaching Deliver contextual guidance at the moment of risk, whether via banners, isolation flows, or in-app warnings, to help users make safer and more informed decisions.

• Develop best-in-class detections Continue investing in advanced models detecting new and novel phishing campaigns by leveraging global telemetry from our network edge to stop novel threats faster.

Cloudflare has always approached email security not as a standalone point solution, but as a core pillar of unified threat protection, deeply integrated across the modern enterprise security stack.

We provide all organizations (whether a Cloudflare customer or not) with free access to our Retro Scan tool, allowing them to use our predictive AI models to scan existing inbox messages. Retro Scan will detect and highlight any threats found, enabling organizations to remediate them directly in their email accounts. With these insights, organizations can implement further controls, either using Cloudflare Email Security or their preferred solution, to prevent similar threats from reaching their inboxes in the future.

If you are interested in how Cloudflare can help secure your inboxes, sign up for a phishing risk assessment here. 

_{Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.}

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.